Where to redirect user after Google SAML Sign Out? - google-apps

My company uses Google Apps, and we've built a single sign-on application to do our custom authentication.
It's been working just fine for several months.
I've noticed that with certain Google features (like switching accounts), the user is often supposed to get redirected back to a certain web page.
If the user isn't logged into any of our Google Apps accounts, then this works fine. However, if they're logged into one of our Google Apps accounts, then it ends up dead-ending at our sign-out page, because I don't know where I'm supposed to send the user at that point.
We actually don't even use the sign-out page for anything at all; it's only there because it's a required field when setting up SSO for Google Apps.
So my question: Where am I supposed to send the user after they've come to my custom sign-out page?

Where do you send them? Wherever you want them to be after sign out! :)
There are typically two places you get redirected to after sign out: the company's main page, or the sign in page.
For example, if I built an SSO for the Stanford Med School, after sign out, I'd probably redirect to med.stanford.edu or med.stanford.edu/signin (hypothetical).
In your case, I'd either redirect to your company's main page, or redirect back to your custom sign in page.

Related

Google assistant account linking with facebook

I'm trying to make a chatbot with Dialogflow for Google Home. It requires the user to input a URL. Now it will definitely be a long and complicated URL which I can't recreate and I can't have the user speak into the Google Home.
The idea I had was that the user would input the URL on an agent on messenger. I store this on a Firebase database and then access it with a second agent.
Now the issue I have is authentication. I was hoping to use account linking on my Google Action with Facebook. But I can't log in to Facebook with Google Home. Or if I can, I can't find any documentation specific to that case. Facebook doesn't provide the necessary client ID and secret (as far as I can see).
I managed Amazon and Gmail account linking with Alexa and an Amazon Echo. In those cases, you would have to log in to Google or Amazon on the Alexa app or webpage. Then this will be integrated with your Echo and the skill will become usable.
Anyone have an idea of how I can make the link happen, if not then anyone have an idea as to how I can solve the overall problem?
This question has been left unanswered on other forums, but I was hoping to either get it solved or find an alternative.
There are three approaches to solving your overall problem - getting the URL manually entered and available to your Action. Two of them tackle it the way you've suggested - involving authenticating to Facebook and tying that to the Assistant account somehow. One solves it entirely inside the Assistant.
Account linking to the Facebook account
You've tagged firebase-authentication, so I'm going to assume that you're using it to do the auth and you've enabled Facebook login through it. This means your user has a "Firebase Account", but they log into that account using Facebook.
I will assume you have a way to get the URL from messenger once they're logged in.
The trick in this case is to set up Account Linking between their Firebase account and their Assistant account. This is done by setting up an OAuth2 server that has access to the Firebase accounts and will create authorization and refresh tokens that are given to the Assistant.
In the Action, you'll send the user to the Sign In helper, which will redirect them to your login page and send back a one-time auth code to the Assistant. The assistant will then use your OAuth2 server to exchange this code for auth and refresh tokens. Periodically it will use the refresh token to get new auth tokens.
When the user returns to the conversation through the Assistant, you'll be handed an auth token and you can use this to look up the user. Since you also know their Facebook account, you can get the URL via however you planned to do so.
There are drawbacks to this method - it is very complicated, and setting up your own OAuth2 server is not for the faint of heart. You may be able to use something like Auth0 instead of Firebase Authentication to accomplish the same thing, but then you don't have the ease of access to the Firebase database.
Account linking to both Facebook and Google
In your Firebase account, however, you don't need to limit them to just logging into Facebook. You can have them use Firebase to record both the Facebook and Google accounts that they're using. This would "link" the two accounts together in your system.
With this, you don't need to set up an OAuth2 server. Instead, you can have the Assistant use Google Sign In for authentication. If the Google Cloud Project that Firebase is using and the Assistant are using are the same project, then once the user has logged in to your project's web page with their Google account, you'll get an identity token on the Assistant which will contain their Google ID. You can use this to match up with their Firebase account and get the Facebook ID and proceed from there.
But this is still a lot of work and kinda messy, jumping between systems.
Using just the Google Assistant (and maybe a web page)
If you're willing to make some assumptions about the devices your users are using, then you may be able to do it all just using the Assistant. The Assistant doesn't just run on the Google Home and other smart speakers, it also works on most current Android and iOS devices.
So you can detect if they have such a device available and, if they do and they're not currently on it, direct them to switch to that device when you need the URL.
If they don't have such a device available (perhaps because their version of Android is older), and you think this may be a common scenario, you may need to make another entry source available. This could be one of the solutions above, or you may want to just have a simple web page (done via Firebase Hosting and Firebase Functions, perhaps) where they log in using their Google account (so you get their ID) and you let them enter the URL. If you just need a URL - going through Dialogflow may be more complexity than you need.
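The code-for-token exchange described under "Account linking to the Facebook account" above, as an added example that is not part of the original answer or of any Google or Firebase library. The class name `LinkingTokenStore`, the lifetimes and the in-memory dictionaries are assumptions, and the client (the Assistant) is assumed to have been authenticated before `token()` is called.

```python
import secrets
import time

CODE_TTL = 600     # lifetime of a one-time auth code, seconds (assumed value)
ACCESS_TTL = 3600  # lifetime of an access token, seconds (assumed value)


class LinkingTokenStore:
    """In-memory token tables for an account-linking OAuth2 server (hypothetical)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.codes = {}    # auth code -> (uid, client_id, expires_at)
        self.refresh = {}  # refresh token -> (uid, client_id)
        self.access = {}   # access token -> (uid, expires_at)

    def issue_code(self, uid, client_id):
        """Called by the login page once the user has signed in."""
        code = secrets.token_urlsafe(32)
        self.codes[code] = (uid, client_id, self.clock() + CODE_TTL)
        return code

    def _grant(self, uid, refresh_token):
        access = secrets.token_urlsafe(32)
        self.access[access] = (uid, self.clock() + ACCESS_TTL)
        return {"token_type": "Bearer", "access_token": access,
                "refresh_token": refresh_token, "expires_in": ACCESS_TTL}

    def token(self, grant_type, client_id, value):
        """Token endpoint logic; the client is assumed already authenticated."""
        if grant_type == "authorization_code":
            entry = self.codes.pop(value, None)  # pop makes the code single-use
            if not entry or entry[1] != client_id or entry[2] < self.clock():
                return {"error": "invalid_grant"}
            refresh = secrets.token_urlsafe(32)
            self.refresh[refresh] = (entry[0], client_id)
            return self._grant(entry[0], refresh)
        if grant_type == "refresh_token":
            entry = self.refresh.get(value)
            if not entry or entry[1] != client_id:
                return {"error": "invalid_grant"}
            return self._grant(entry[0], value)
        return {"error": "unsupported_grant_type"}

    def lookup_user(self, access_token):
        """Map the bearer token the Assistant sends back to the linked uid."""
        entry = self.access.get(access_token)
        if not entry or entry[1] < self.clock():
            return None
        return entry[0]
```

The auth code is bound to the client it was issued for and is consumed on first use, so a replayed or intercepted code gets `invalid_grant`.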

Keycloak and SSO with SAML and Safari

We are using Keycloak 3.4.2 to try to integrate SSO behavior (via SAML). I configured two clients in the same realm; if a user logs in to clientA, opens a new tab in the same browser and logs in to clientB, he is successfully automatically logged in.
But we are trying to integrate the following behavior:
- From an iPad, the user opens Safari and goes to site A.
- He logs in to site A successfully.
- From site A he clicks a "universal link" to open a previously installed app, which is simply a webview to site B.
Current result is the user lands in the login page of the app.
Expected result is the user gets automatically logged in.
We are using iOS 11 for the frontend. Both site A and site B have a backend side written in Java 6.
Our idea was to reuse all cookies from site A to app with webview of site B by using an iOS widget "SFAuthenticationSession"; but once logged in the only cookie available is JSESSIONID which is not enough I think.
In my tests when I am using only a browser with different tabs, for each different tab I have a different JSESSIONID so I expect to have a different JSESSIONID when I am landing to site B.
Our approach has been taken from current source code:
https://github.com/dvdhpkns/SFAuthenticationSession-example
So what can we do to accomplish our task?
What are we missing? Do we need any other tokens/cookies? How to retrieve them? And when?
I hope I clearly explained the issue; sorry, but authentication issues are not my strong point.

Facebook page tab prompting for login, but it shouldn't

When a user is not logged in and they navigate to a page tab made with our app, they get an obtrusive dialog asking them to log in:
This has nothing to do with http vs https, the app is not in sandbox mode, there is nothing in the tab asking for a login or user information, etc. I've gone through the app settings at least a half dozen times now, and nothing is wrong there. Aside from URLs, the settings are identical to another app I have that does not suffer from this problem. I'm stumped!
Edit: here is an affected tab: https://www.facebook.com/StaticHtmlThunderpenny/app_203351739677351
This message is not about login to your app, but Facebook in general.
So my guess would be that the page your app is installed as page tab app on is restricted in some way – by age, location, or for having alcohol-related content. And then of course Facebook asks for login, because otherwise they can not determine whether or not the (as of now still “anonymous”) user qualifies to see the page.
So go check the page settings.
This is actually not an app-related question.
This is a rule of thumb!! To access any app on Facebook, you need to log in to Facebook. You can see a Facebook page without logging in. But for Facebook apps, you should be an authentic user.
With this issue, in my own experience, which I came across some years back with a Facebook app that I was running: if this doesn't relate to any of your other social networking apps, then I am aligning two sets of possibilities and solutions.
The user might not have properly logged out as "written" in the app for the user's logout stage.
The solution would be that the user logs out as expected before closing the app.
The user might have set up an automatic login prompt which was removed by the app when it was updated automatically. (If you get me???)
The solution would be to monitise your app on updates and login information or, better still, just log in and log out as intended by the app and for security reasons.
Lastly, I would say that an automatic bookmark database should be added to the server part so current pages, as the user uses the app, would be saved after the logout or login stage. Thank you, hope this helps, and if not let me know what I am missing.

Facebook Registration and Login Apps, Need Guidance

I have used Facebook Apps for registration and login for my website (in PHP). The problem is very simple for all you experts.
When I try to log in via Facebook using the email ID which I am using for the Facebook developer login, I succeed, but if I give any other email ID I am not able to log in.
Ex.
x123#yahoo.com is the ID which I'm using for the Facebook Developer Account.
a123#gmail.com is a normal Facebook user account.
Now if I use x123#yahoo.com to log in to my website, I am successful and redirected to the Profile Page.
But if I use a123#gmail.com to log in to my website, I FAIL and come back to the same page from where I tried to log in.
Any guidance will help me to move forward; I'm stuck here.
From reading your problem, I think you have your app in Sandbox mode. If you want to test on other profiles, you should consider creating Test Users.
Depending on your purposes, you may create another app just to make your tests (and therefore it need not be in sandbox mode).

How to implement a login page in a GWT app?

My WebApp needs to authenticate the user before allowing any sort of access. The scenario I'm trying to implement is a login page with username and password fields. Once the user hits the "send" button, a sign like "Verifying..." should be shown while an RPC call verifies the credentials. In case of success, load the main app screen.
What is the best way to implement that?
Have you looked at this page?
It describes how to do the following:
- Create a 'login' page that is based on user/password authentication.
- Store this data in a secure fashion on your server.
- Allow users to 'remain logged in' for as long as you want so they don't have to enter their user name and password every time.
- Make 'auto-complete' features of most modern browsers work with your GWT's login page.
- Discussion on adding more security with either HTTPS or fancy hashing algorithm.
I'm not sure how secure your application has to be... but I would suggest leaving that piece of work to Spring Security.
You could make a regular login.html page which would, upon successful login, redirect user to the "real" gwt app.
Check out this article:
http://code.google.com/webtoolkit/articles/security_for_gwt_applications.html
Not tailored directly for GWT (can still integrate with it), this is a great tutorial for implementing a secure login system.
http://drdobbs.com/web-development/231002659